TTCSIRT-175.102218: TT-CSIRT Advisory – Cisco Security Updates

TTCSIRT-175.102218: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it discovered a vulnerability where libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system. The issue is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message […]

TTCSIRT-174.102218: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that the following vulnerabilities have been discovered in the Drupal Core Module: a) Content Moderation fails in certain circumstances to check user access to certain transitions which results in an access bypass. b) External URL injection through URL Aliases allows for open redirect. c) Anonymous Open Redirect takes […]

TTCSIRT-173.101618: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been discovered in PHP ver 7.2.11 & 7.1.23: a) Bug #66828 – (iconv_mime_encode Q-encoding longer than it should be). b) Bug #73457 – (Wrong error message when fopen FTP wrapped fails to open data connection). c) Bug #74454 – (Wrong exception being thrown […]

TTCSIRT-172.101618: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome: a) Cross-origin URL disclosure in Blink – (CVE-2018-17468). b) Heap buffer overflow in PDFium – (CVE-2018-17469). c) iframe sandbox escape on iOS – (CVE-2018-17472). d) Lack of limits on update() in ServiceWorker – (CVE-2018-5179). e) Memory corruption in […]

TTCSIRT-171.100818: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in the Android Operating System: a) A denial of service vulnerability in Framework – (CVE-2018-9452). b) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9490, CVE-2018-9492). c) An information disclosure vulnerability in Framework – (CVE-2018-9493). d) A remote code vulnerability in […]

TTCSIRT-170.100818: TT-CSIRT Advisory – VMware Security Updates

VMWare has released a security update stating that the VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This issue may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. Further information on this vulnerability […]

TTCSIRT-168.092818: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that an in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this […]

TTCSIRT-167.092018: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been discovered in PHP ver 7.2.10 & Version 7.1.22: a) Bug #55146 – (iconv_mime_decode_headers() skips some headers) b) Bug #60494 – (iconv_mime_decode does ignore special characters) c) Bug #63839 – (iconv_mime_decode_headers function is skipping headers) d) Bug #65988 – (Zlib version check fails […]